GDPR Is Around the Corner - Don't Panic
EXOVE 2018
About Exove
● Digital design and development
company in Finland, Estonia, the UK, and
Singapore
● Full service portfolio from business
consulting and service design to
development and care
● We serve both multinational giants and
new start-ups alike
● We deliver digital growth
More about us:
● www.exove.com
● www.exove.com/gdpr
● @exove
About Janne Kalliola
● Founder and CEO of Exove
○ Before Exove, worked at
Continuent, First Hop, SSH, HUT
● Been coding since 1983, first web stuff in
1994
● Worked with web publishing and content management systems since 1999
○ I've written three CMSs in the past
More about me:
● www.kallio.la
● linkedin.com/in/jannekalliola
● @plastic
Agenda
● EU Privacy - General Data Protection Regulation in a nutshell
○ Background
○ New rights for individuals
○ New requirements for companies
● Content management systems and their specialties
○ Structured and unstructured data
○ Analytics
○ Leaking data inadvertently
● What to do?
○ Practical approach
● Questions & answers
General Data Protection Regulation
GDPR?
General Data Protection Regulation
The EU's new privacy regulation, which harmonises the management of personal data across the member states and gives new rights to individuals.
It replaces the old directive (95/46/EC), which is outdated and was implemented differently in each member state.
GDPR in a Nutshell
● GDPR is a regulation, thus it is in force in all member states without local legislation
● Local legislation still needs to be made compatible with the regulation, and the regulation leaves a lot of details to be adjusted locally
● Adds rights to individuals and
responsibilities to companies
● Applies to all companies -
worldwide - that process
personal data of an EU resident
● GDPR is in force already
● We are currently on a transition
period that ends on May 25th,
2018
● GDPR imposes administrative
sanctions that can be
considerable
Two Data Handling Roles
Controller
● The company collecting the data
and controlling its usage
● Responsible for and able to
demonstrate compliance with
the regulation
○ Including work done by processors
Processor
● A company that processes
personal data on behalf of a
controller
● Must be contractually bound
to the controller and follow
written orders
● Must return or delete data
when contract ends
Broad Definition of Personal Data
● GDPR broadens the definition of personal data:
○ Any information concerning an identified or identifiable natural person, such as name, telephone number, email address, car license plate, dynamic IP address – thus a very broad interpretation
○ Pseudonymised data that can be linked back to an identifiable person with additional data
● GDPR also defines sensitive data that must be handled with special care
○ Political affiliation, health records, genetic & biometric data, etc.
● Children are identified as vulnerable individuals who require specific protection
○ Consent must be given by the person with parental responsibility for the child
Other Major Concepts
● Transparency and consent – The individuals need to know how and why their data is used, and companies need to have a valid reason for the data usage
○ Several valid reasons, such as contractual, legal, and based on consent
○ If consent is given, it can be withdrawn at any time
● Privacy by design and default – Systems need to be designed to take privacy into account from the very beginning
● Accountability – Organisations must be able to prove that they are following the regulation, i.e. a reversed burden of proof
○ Requires process documentation, paper trails of decisions, and in some cases privacy impact assessments
Rights of the Individuals (1/2)
● Access to data – The individuals must be able to see the data collected about them
○ On request, which must be answered within a month (there are extensions for some cases), in a commonly used electronic format
○ The first copy must be free of charge
● Rectification of inaccurate data – The individuals can ask for inaccurate data to be corrected
● Right of erasure – The individuals can ask for their data to be removed
● Objection to processing – The individuals can stop specific kinds of processing, for example, direct marketing
Rights of the Individuals (2/2)
● Portability – The individuals have the right to have their data ported to them or to another service
● Restricting processing – The individuals can ask to stop the processing of their data for a period of time
○ Data can also be temporarily removed in this case
● Profiling and automated decision-making – Profiling based on sensitive data requires explicit consent, and the individuals can request manual intervention in automated decisions that have significant effects on them
Data Transfers
● Transfers outside EEA (European Economic Area) are restricted, but
not forbidden
● Transfers require an adequate level of data protection, such as following the EU model clauses
● There are a number of safe countries whose regulation provides protection of personal data similar to GDPR
● Safe Harbor has been replaced with Privacy Shield, a new deal for US companies to self-certify so that they are allowed to host data regulated by the GDPR
Data Breaches
● Processors need to inform the controller “without undue delay after
becoming aware of it”, without exceptions
● Controllers need to inform the authorities within 72 hours after
becoming aware of the breach
● In some cases, the controller will need to inform the data subjects
about the breach
Implications for UX
● Consent is more regulated than before
○ Needs to be specific and unambiguous, and cannot be part of other written agreements
○ Must be active – i.e. no pre-ticked checkboxes
○ Must be reversible
○ A record of the given consent is required
○ Consent cannot be required for a service that also works without processing personal data
● Privacy policy is more important than before
○ Storage times for the data, and a lot of other details, have to be stated
Changes in Contracting
● Controller must have a written contract with every processor
○ Responsibility goes to the end of the subcontracting chain
● The contract has mandatory clauses stipulated by GDPR
● The actions done by a processor must be defined in writing
Content Management System Specialties
Structured vs. Unstructured Data
● Most of the data processed by computers is structured; in other words, it consists of named fields that may have types
○ Structured data is easy to put into spreadsheets
● Content management systems handle a lot of unstructured data – the
content
○ Unstructured data is easy to put into documents
○ This data is also under GDPR
Content and GDPR
● Content easily contains a lot of personal information, such as names, email addresses, phone numbers, and images of people
● These cannot easily be exported from the system to satisfy end user rights
● Thus, one needs to be diligent
○ The best solution is to create suitable content types and other structures that move repeating data into structured form
○ For example, a staff listing implemented as a list of persons and not as a freely editable page
Consent
● Remember also to have consent from people to use their personal
information
○ Discussion forums, blog comments, etc.
● This applies to your own personnel, too
○ Using names and photos in a staff listing needs consent
● It does not help to use company-provided email addresses or phone numbers, as people can still be identified through them – thus they are also personal information
Analytics
● Using analytics is ok in general
● It is good to check what kind of data goes into analytics and how the
system processes them
○ Even if it does not store the data, it might temporarily be accessible to the personnel of the analytics provider
○ And this needs to be covered in the contract between you and
them
● IP address is a typical piece of data transferred to analytics
○ Some solutions – such as Google Analytics – offer anonymisation
of IP address before sending it to the analytics
Access and Error Logs
● Content management systems generate various logs for administrative
and error management purposes
○ These logs have at least the IP address of the user and thus are
also full of personal data
● The procedures for such logs need to be checked
○ Who has access to them
○ Whether they are exported to an analysis system
● Your own or third-party extensions to the CMS may also write their own log files
● Debug mode may cause more personal data to be written to the files
URLs
● Your system may transfer personal data in URLs, such as
○ https://example.com/person/?name=Janne+Kalliola&birthdate=...
● All systems storing that URL – logs, analytics, etc. – may suddenly contain far more personal data than you know of and have defined in your processes
● Also transaction ids and other pieces of data that identify a single user
are considered personal data
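The scrubbing step the analytics, log and URL slides above call for, as an added example that is not part of the deck: IP anonymisation before the data leaves, redaction of personal data carried in URLs, and an inventory of what was flowing into the log. The log format (Apache/nginx "combined") and the parameter names treated as personal data are assumptions about a hypothetical CMS, and the sample log lines are constructed.

```python
"""Scrub personal data from CMS access-log lines before they go to an analytics
or log-analysis provider, and inventory what would otherwise have leaked.
Added example, not from the Exove deck: the log format (Apache/nginx
"combined") and the parameter names treated as personal data are assumptions
about a hypothetical CMS, and the sample log lines are constructed."""
from __future__ import annotations

import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters this (hypothetical) site is known to carry personal data in.
PERSONAL_PARAMS = {"name", "birthdate", "email", "phone"}
# Values that single out one user (transaction ids etc.) are personal data too.
IDENTIFIER_PARAMS = {"txid", "order", "session"}
REDACTED = "REDACTED"

# Apache/nginx "combined" log format (assumption about the CMS's web server).
COMBINED_LOG = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def anonymise_ip(text: str) -> str:
    """Zero the host part: the last octet of IPv4, the last 80 bits of IPv6 (the
    truncation Google Analytics' IP anonymisation applies). Unparseable input
    is replaced wholesale rather than forwarded."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return "0.0.0.0"
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network((str(ip), prefix), strict=False).network_address)

def scrub_url(url: str) -> tuple[str, list[str]]:
    """Replace the values of personal and identifying query parameters.
    Returns the scrubbed URL and the (lower-cased) names that were redacted."""
    parts = urlsplit(url)
    redacted: list[str] = []
    kept: list[tuple[str, str]] = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in PERSONAL_PARAMS | IDENTIFIER_PARAMS:
            redacted.append(key.lower())
            kept.append((key, REDACTED))
        else:
            kept.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), redacted

def scrub_line(line: str) -> tuple[str, list[str]]:
    """Scrub one line. A line in an unknown format cannot be vouched for, so it
    is dropped (returned as "") and counted as "unparsed-line"."""
    m = COMBINED_LOG.match(line)
    if not m:
        return "", ["unparsed-line"]
    g = m.groupdict()
    findings: list[str] = []
    g["ip"] = anonymise_ip(g["ip"])
    if g["user"] != "-":  # an authenticated user name identifies a person
        g["user"] = "-"
        findings.append("remote-user")
    g["url"], hits = scrub_url(g["url"])
    findings += hits
    g["referer"], hits = scrub_url(g["referer"])  # referers carry URLs too
    findings += [f"referer:{h}" for h in hits]
    rebuilt = (
        f'{g["ip"]} {g["ident"]} {g["user"]} [{g["time"]}] '
        f'"{g["method"]} {g["url"]} {g["proto"]}" {g["status"]} {g["size"]} '
        f'"{g["referer"]}" "{g["agent"]}"'
    )
    return rebuilt, findings

def scrub_log(lines: list[str]) -> tuple[list[str], Counter]:
    """Scrub a whole log. The Counter is the inventory a gap analysis wants:
    which personal data was flowing into the log, and how often."""
    out: list[str] = []
    inventory: Counter = Counter()
    for line in lines:
        scrubbed, findings = scrub_line(line.rstrip("\n"))
        inventory.update(findings)
        if scrubbed:
            out.append(scrubbed)
    return out, inventory

# Constructed sample log; the addresses are documentation ranges (RFC 5737/3849).
SAMPLE_LOG = [
    '203.0.113.45 - - [10/May/2018:09:12:31 +0300] '
    '"GET /person/?name=Janne+Kalliola&birthdate=1970-01-01 HTTP/1.1" 200 5120 '
    '"https://example.com/staff" "Mozilla/5.0"',
    '2001:db8:85a3::8a2e:370:7334 - - [10/May/2018:09:12:32 +0300] '
    '"GET /news/?page=2 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'garbage that is not a log line',
]
```

Run `scrub_log(SAMPLE_LOG)` to get the two scrubbed lines and the inventory `{'name': 1, 'birthdate': 1, 'unparsed-line': 1}`; the inventory, not the scrubbed text, is what tells you which URL parameters your processes never accounted for.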
Staging and Development Environments
● GDPR applies to all systems, including staging and development environments
○ In case of requests from users, the data in these systems needs to be included in erasure, rectification, etc.
● When data is copied from production to staging or development – typically to debug issues – special care is needed
○ As people tend to have a more relaxed attitude towards these systems, the probability of data leaks increases
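One way to take the "special care" this slide asks for when production data is copied to staging, as an added example not from the deck: keyed pseudonymisation of the personal columns so the copy stays usable for debugging (joins still work) while the real values never reach the looser environment. The schema (users and orders joined on email), the rows, and the choice of HMAC-SHA256 are this example's assumptions.

```python
"""Pseudonymise personal data when copying production records to a staging or
development environment, so the copy stays usable for debugging without
carrying the real values. Added example, not from the Exove deck: the schema
(users and orders joined on email), the rows, and the choice of HMAC-SHA256
as the pseudonymisation function are this example's assumptions."""
from __future__ import annotations

import hashlib
import hmac
import secrets

# Columns that hold personal data in this hypothetical schema.
PERSONAL_COLUMNS = {"name", "email", "phone"}


def pseudonymise_value(key: bytes, column: str, value: str) -> str:
    """Keyed, deterministic replacement: the same input always maps to the same
    token, so joins between tables keep working in staging, but without the
    key the token cannot be mapped back (HMAC-SHA256, truncated to 64 bits)."""
    tag = hmac.new(key, f"{column}:{value}".encode(), hashlib.sha256).hexdigest()[:16]
    if column == "email":  # keep the shape so e-mail validation code still passes
        return f"user-{tag}@staging.invalid"
    if column == "phone":  # fixed fake prefix, never a real subscriber number
        return "+000" + str(int(tag, 16) % 10**9).zfill(9)
    return f"{column}-{tag}"


def pseudonymise_rows(key: bytes, rows: list[dict], columns=PERSONAL_COLUMNS) -> list[dict]:
    """Copies of the rows with personal columns replaced; other columns intact."""
    return [
        {col: pseudonymise_value(key, col, val) if col in columns else val
         for col, val in row.items()}
        for row in rows
    ]


def join_orders(users: list[dict], orders: list[dict]) -> list[tuple[str, str]]:
    """(user name, order id) pairs joined on email; shows the join survives."""
    by_email = {u["email"]: u for u in users}
    return [(by_email[o["email"]]["name"], o["order_id"])
            for o in orders if o["email"] in by_email]


def leaked_values(copy_rows: list[dict], production_rows: list[dict]) -> list[str]:
    """Production personal values that still appear anywhere in the copy."""
    haystack = repr(copy_rows)
    return sorted({v for r in production_rows for c, v in r.items()
                   if c in PERSONAL_COLUMNS and v in haystack})


# Constructed production rows.
USERS = [
    {"id": 1, "name": "Janne Kalliola", "email": "janne@example.com",
     "phone": "+358401234567", "country": "FI"},
    {"id": 2, "name": "Erika Mustermann", "email": "erika@example.com",
     "phone": "+491701234567", "country": "DE"},
]
ORDERS = [
    {"order_id": "A-1001", "email": "janne@example.com", "total": "49.90"},
    {"order_id": "A-1002", "email": "janne@example.com", "total": "12.00"},
    {"order_id": "A-1003", "email": "erika@example.com", "total": "7.50"},
]


def make_staging_copy(key: bytes | None = None) -> tuple[list[dict], list[dict], bytes]:
    """One fresh key per export run. The key is never written to staging; if it
    is kept at all (in production, under access control) the copy is
    pseudonymous, not anonymous, and erasure requests must reach it too."""
    key = key or secrets.token_bytes(32)
    return pseudonymise_rows(key, USERS), pseudonymise_rows(key, ORDERS), key


if __name__ == "__main__":
    users, orders, _ = make_staging_copy()
    print(join_orders(users, orders))
    print("leaked:", leaked_values(users + orders, USERS + ORDERS))  # leaked: []
```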
What Now?
My Advice
● This is for real, so better be prepared
● If you have not yet started, the chances are that you are late
○ But it is still advisable to start now
● Everything that you do now should already be compliant with GDPR
○ Pay attention to your data architecture
○ Think of user rights and how they are implemented
● Train your people
● Get external help, if you do not know how to proceed
You Need to Know Where You Stand
● You need to understand GDPR and its effects on your organisation
● You must understand how data flows in your systems
○ Where, what and why data is stored
○ Check whether data is flowing out of the EU or to another controller
● You must have defined and followed procedures for handling personal data
○ These are typically non-existent in most companies
● You need to have written contracts with all your partners related to personal data
● You need to be moving now and be compliant by May 25th, 2018
○ There might be some leeway, but I would not count on it
● And if you do nothing, you are just asking for trouble
Two-Way Approach
● When we work with GDPR, we typically split the work into two parts:
○ Gap analysis – understanding the current position and the gap towards compliance by listing the systems, describing the data flows between them, and defining the gathered, transferred, and stored personal data
○ Compliance program – a complete undertaking to ensure GDPR compliance, including changes to processes, systems, documentation, and user-facing policies
Gap Analysis
● Gap analysis exposes the most critical omissions and other issues with regard to GDPR quite quickly
○ It is mostly done as desk research
○ We have found that the administrators of systems are a better source of information than the vendors of the same systems
● There are tools to support the work, but it can also be done using documents and spreadsheets
● Someone needs to own the project
● The management needs to show interest in the results
Compliance Program
● The compliance program is a long process of fixing everything to be
compliant with GDPR
○ The task list must be prioritised, typically quite heavily
○ The key is to reduce “problem surface” as quickly as possible
○ So focus on the main businesses, the most important systems, the
most crucial personal data first
● You need to make sure that your vendors are interested in helping you
○ It is a shared undertaking
○ Be fair while being also demanding
● It is crucial to get this off the ground before May 25th
Keeping Up with GDPR
● Gap analysis and compliance programs make you compliant with GDPR for the specific moment when the projects are over
● If you do not sustain the right use of personal data, you will go back to your old ways – which are most probably not compliant
● Everyone needs to change the way they think about personal data and privacy
○ Your staff, vendors, etc.
● The processes are only as good as the people implementing them
● So keep the focus on personal data after the big push, until it becomes second nature
So What Now?
● This might sound like an exhausting and even impossible task
● But there are no other decent choices than to comply
● So, it is crucial to take the first step and then continue walking
You will reach the destination sooner or later,
as long as you keep moving.
Questions & Answers
Thank You!
EXOVE
Janne Kalliola
janne@exove.com
+358 40 558 1796
Gap Analysis
● IT and juridical questionnaires – Bird&Bird asks the juridical questions and Exove focuses on ICT. The questionnaires are typically sent to the people responsible for ICT, HR, legal and business
● Analysis – Bird&Bird and Exove study the results and write an analysis of the situation
● Workshop – Bird&Bird and Exove organise a three-hour workshop with the key people of the client
● OPTION: GDPR compliance program – The report is gone through with the client and the situation is assessed to understand how the client will reach the legally and technically required compliant state
Results:
● Report with a list of around ten points on the current situation and action points
● Offer for executing a GDPR compliance program
Compliance Program
● Bird & Bird and Exove plan and execute a complete compliance
program
● Based on the gap analysis findings, industry of the client, and assessed
risks
● Includes changes to processes, documentation, technology, UX, and
contracts
● The depth of the work is to be agreed on a case-by-case basis

 
Choose the eZ Universe for Your Web Galaxy
Choose the eZ Universe for Your Web GalaxyChoose the eZ Universe for Your Web Galaxy
Choose the eZ Universe for Your Web Galaxy
 
Using eZ Platform in an API Era
Using eZ Platform in an API EraUsing eZ Platform in an API Era
Using eZ Platform in an API Era
 
Extending eZ Platform v2 with Symfony and React
Extending eZ Platform v2 with Symfony and ReactExtending eZ Platform v2 with Symfony and React
Extending eZ Platform v2 with Symfony and React
 
A Roadmap to Becoming Your Customer’s Information Hub
A Roadmap to Becoming Your Customer’s Information HubA Roadmap to Becoming Your Customer’s Information Hub
A Roadmap to Becoming Your Customer’s Information Hub
 
eZ Platform Cloud and eZ Launchpad: Don’t Host, Don’t Deploy, Don’t Install—J...
eZ Platform Cloud and eZ Launchpad: Don’t Host, Don’t Deploy, Don’t Install—J...eZ Platform Cloud and eZ Launchpad: Don’t Host, Don’t Deploy, Don’t Install—J...
eZ Platform Cloud and eZ Launchpad: Don’t Host, Don’t Deploy, Don’t Install—J...
 
GDPR in the Digital World
GDPR in the Digital WorldGDPR in the Digital World
GDPR in the Digital World
 
When content transforms your customer experience
When content transforms your customer experienceWhen content transforms your customer experience
When content transforms your customer experience
 

Recently uploaded

April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
NathanBaughman3
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
Aurelien Domont, MBA
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
Erika906060
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
seri bangash
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
ofm712785
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
BBPMedia1
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
Sam H
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
balatucanapplelovely
 
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).pptENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
zechu97
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
DerekIwanaka1
 

Recently uploaded (20)

April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
Digital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and TemplatesDigital Transformation and IT Strategy Toolkit and Templates
Digital Transformation and IT Strategy Toolkit and Templates
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
 
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).pptENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024   .pdfBeMetals Presentation_May_22_2024   .pdf
BeMetals Presentation_May_22_2024 .pdf
 

GDPR Is Around the Corner - Don't Panic

8. Two Data Handling Roles
Controller
● The company collecting the data and controlling its usage
● Responsible for, and able to demonstrate, compliance with the regulation
○ Including the work done by processors
Processor
● A company that processes personal data on behalf of a controller
● Must be contractually bound to the controller and follow its written instructions
● Must return or delete the data when the contract ends

9. Broad Definition of Personal Data
● GDPR broadens the definition of personal data:
○ Any information concerning an identified or identifiable natural person - such as name, telephone number, email address, car license plate, dynamic IP address – thus a very broad interpretation
○ Pseudonymised data that can be reversed to identifiable data with additional information
● GDPR also defines sensitive data that must be handled with special care
○ Political affiliation, health records, genetic & biometric data, etc.
● Children are identified as vulnerable individuals who require specific protection
○ Consent is given by the person with parental responsibility for the child

10. Other Major Concepts
● Transparency and consent – Individuals need to know how and why their data is used, and companies need to have a valid reason for the data usage
○ Several valid reasons, such as contractual, legal, and based on consent
○ If consent is given, it can be withdrawn at any time
● Privacy by design and default – Systems need to be designed to take privacy into account from the very beginning
● Accountability – Organisations must be able to prove that they are following the regulation, i.e. a reversed burden of proof
○ Requires process documentation, paper trails of decisions, and in some cases privacy impact assessments

11. Rights of the Individuals (1/2)
● Access to data – Individuals must be able to see the data collected about them
○ By request that needs to be fulfilled within a month – there are extensions for some cases – in a commonly used electronic format
○ The first copy must be free of charge
● Rectification of inaccurate data – Individuals can ask for inaccurate data to be corrected
● Right of erasure – Individuals can ask for data to be removed
● Objection to processing – Individuals can stop specific kinds of processing, for example direct marketing

12. Rights of the Individuals (2/2)
● Portability – Individuals have the right to have their data ported to them or to another service
● Restricting processing – Individuals can ask for the processing of their data to be stopped for a period of time
○ Data can also be temporarily removed in this case
● Profiling and automated decision-making – Profiling based on sensitive data requires explicit consent, and individuals can request manual intervention in automated decision-making that has significant effects on them

13. Data Transfers
● Transfers outside the EEA (European Economic Area) are restricted, but not forbidden
● Transfers require an adequate level of data protection, such as following the EU model clauses
● There are a number of safe countries whose regulation provides similar protection of personal data as GDPR
● Safe Harbor is now replaced with Privacy Shield, a new arrangement under which US companies self-certify in order to be allowed to host data regulated by GDPR

14. Data Breaches
● Processors need to inform the controller “without undue delay after becoming aware of it”, without exceptions
● Controllers need to inform the authorities within 72 hours after becoming aware of the breach
● In some cases, the controller will also need to inform the data subjects about the breach

15. Implications for UX
● Consent is more regulated than before
○ Needs to be specific and unambiguous, and cannot be part of other written agreements
○ Must be active – i.e. no pre-ticked checkboxes
○ Must be reversible
○ A record of the given consent is required
○ Consent cannot be required for a service that also works without processing personal data
● The privacy policy is more important than before
○ It has to state storage times for the data, and a lot of other details

16. Changes in Contracting
● The controller must have a written contract with every processor
○ Responsibility extends to the end of the subcontracting chain
● The contract has mandatory clauses stipulated by GDPR
● The actions done by a processor must be defined in writing

18. Structured vs. Unstructured Data
● Most of the data processed by computers is structured, in other words it consists of named fields that may have types
○ Structured data is easy to put into spreadsheets
● Content management systems handle a lot of unstructured data – the content
○ Unstructured data is easy to put into documents
○ This data is also under GDPR

19. Content and GDPR
● Content easily contains a lot of personal information, such as names, email addresses, phone numbers, and images of people
● These cannot easily be exported from the system to satisfy end user rights
● Thus, one needs to be diligent
○ The best solution is to define suitable content types and other structures that move repeating personal data into structured data
○ For example, a staff listing implemented as a list of persons and not as a freely editable page

20. Consent
● Remember also to have consent from people to use their personal information
○ Discussion forums, blog comments, etc.
● This applies to your own personnel, too
○ Using names and photos in a staff listing needs consent
● It does not help that you use company-provided email addresses or phone numbers, as people can still be identified using them – thus they are also personal information

21. Analytics
● Using analytics is OK in general
● It is good to check what kind of data goes into analytics and how the system processes it
○ Even if the system does not store the data, it might temporarily be accessible to the personnel of the analytics provider
○ And this needs to be covered in the contract between you and them
● The IP address is a typical piece of data transferred to analytics
○ Some solutions – such as Google Analytics – offer anonymisation of the IP address before it is sent to the analytics

22. Access and Error Logs
● Content management systems generate various logs for administrative and error management purposes
○ These logs contain at least the IP address of the user and thus are also full of personal data
● The procedures for such logs need to be checked
○ Who has access to them
○ Whether they are exported to an analysis system
● Your own or third-party extensions to the CMS may also write their own log files
● Debug mode may cause more personal data to be written to the files

23. URLs
● Your system may transfer personal data in URLs, such as
○ https://example.com/person/?name=Janne+Kalliola&birthdate=...
● All systems storing that URL – logs, analytics, etc. – may suddenly contain far more personal data than you know of and have defined in your processes
● Transaction ids and other pieces of data that identify a single user are also considered personal data
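Slides 21 to 23 name the three places where a CMS leaks personal data into analytics and log-analysis systems: the client IP address, the log files themselves, and personal data carried in URLs. The log sanitiser below is an added example, not code from the deck or from Exove; it truncates the client address the way analytics products commonly do (last octet of IPv4, last 80 bits of IPv6), redacts a hypothetical list of query parameters known to carry personal data, and replaces transaction ids with a keyed token so that sessions stay correlatable without storing the id. The log format is the common "combined" format; the parameter names, key and sample lines are constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import re
from typing import List
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hypothetical classification of this CMS's query parameters: directly
# identifying values are dropped, single-user identifiers such as
# transaction ids (slide 23) are replaced with a keyed token.
PERSONAL_PARAMS = {"name", "birthdate", "email", "phone"}
PSEUDONYM_PARAMS = {"txid", "order"}
# Constructed key; in practice it lives outside the log pipeline and is rotated.
PSEUDONYM_KEY = b"constructed-key-for-the-example"

# Constructed sample lines in the Apache/nginx "combined" log format.
SAMPLE_LOG = """\
203.0.113.42 - - [10/May/2018:12:01:07 +0300] "GET /person/?name=Janne+Kalliola&birthdate=1970-01-01 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
2001:db8:85a3::8a2e:370:7334 - - [10/May/2018:12:01:09 +0300] "GET /checkout?txid=12345&page=2 HTTP/1.1" 200 8192 "https://example.com/?email=a%40b.fi" "curl/7.58"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def anonymise_ip(ip_text: str) -> str:
    """Truncate the address as analytics products commonly do (slide 21):
    IPv4 keeps the first three octets, IPv6 keeps the first 48 bits."""
    ip = ipaddress.ip_address(ip_text)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def pseudonymise(value: str) -> str:
    """Keyed hash: the same id yields the same token while the key is in use,
    but the id cannot be recovered from the token without the key."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def redact_url(url: str) -> str:
    """Rewrite the query string: personal values -> REDACTED, ids -> token,
    everything else untouched so the URL stays useful for analysis."""
    parts = urlsplit(url)
    if not parts.query:
        return url
    cleaned = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        k = key.lower()
        if k in PERSONAL_PARAMS:
            value = "REDACTED"
        elif k in PSEUDONYM_PARAMS:
            value = pseudonymise(value)
        cleaned.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def sanitise_line(line: str) -> str:
    """Return the sanitised line, or "" for a line in an unknown format: a line
    we cannot parse is dropped rather than stored with unknown personal data."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return ""
    f = m.groupdict()
    f["ip"] = anonymise_ip(f["ip"])
    f["url"] = redact_url(f["url"])
    if f["referrer"] != "-":          # referrers carry other pages' query strings
        f["referrer"] = redact_url(f["referrer"])
    return ('{ip} {ident} {user} [{time}] "{method} {url} {proto}" {status} {size} '
            '"{referrer}" "{agent}"').format(**f)


def sanitise_log(text: str) -> List[str]:
    """Sanitise a whole log file, silently dropping unparseable lines."""
    return [s for s in (sanitise_line(l) for l in text.splitlines()) if s]
```

Run `sanitise_log` over a file before it is shipped to the analysis system; the authenticated user name field is left as-is here, so its retention still has to be covered by the procedures slide 22 asks for.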
24. Staging and Development Environments
● GDPR affects all systems, including staging and development environments
○ In case of requests from users, the data in these systems needs to be included in erasure, rectification, etc.
● When data is copied from production to staging or development – typically to debug issues – special care is needed
○ As people tend to have a more relaxed attitude towards these systems, the probability of data leaks increases
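For the production-to-staging copies of slide 24, one way to keep the personal data out of the copy is to pseudonymise the structured fields with a key that stays in production and to drop the free text, which as slide 19 notes cannot be scrubbed reliably, before the data leaves production. The example below is added here and is not Exove's tooling; the tables, columns, key and records are constructed, and the leak check at the end refuses to produce a copy in which any original personal value still appears.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed production extract: a user table and a comment table that
# references users by email, as blog or forum content in a CMS typically does.
PROD_USERS: List[Dict] = [
    {"id": 1, "name": "Janne Kalliola", "email": "janne@example.com",
     "phone": "+358 40 123 4567", "birthdate": "1975-03-14", "role": "editor"},
    {"id": 2, "name": "Maija Meikäläinen", "email": "maija@example.fi",
     "phone": "+358 50 765 4321", "birthdate": "1988-11-02", "role": "reader"},
]
PROD_COMMENTS: List[Dict] = [
    {"id": 10, "author_email": "maija@example.fi", "post": "gdpr-is-coming",
     "body": "Great post, Janne!"},
    {"id": 11, "author_email": "janne@example.com", "post": "gdpr-is-coming",
     "body": "Thanks, Maija."},
]

# Constructed secret. It stays in production: with it the tokens can be linked
# back to real users (the "additional data" of slide 9), without it they cannot.
MASK_KEY = b"constructed-key-for-the-example"
PERSONAL_COLUMNS = ("name", "email", "phone", "birthdate")


def token(kind: str, value: str) -> str:
    """Deterministic keyed token so the same person gets the same replacement
    in every table, which keeps foreign-key style references intact."""
    mac = hmac.new(MASK_KEY, f"{kind}:{value}".encode(), hashlib.sha256)
    return mac.hexdigest()[:12]


def mask_user(user: Dict) -> Dict:
    t = token("user", user["email"])
    return {
        **user,
        "name": f"User {t}",
        "email": f"user-{t}@staging.invalid",            # .invalid: mail can never be delivered
        "phone": "+358 00 000 0000",                     # format kept for UI tests, no real number
        "birthdate": user["birthdate"][:4] + "-01-01",   # generalised to the year
    }


def mask_comment(comment: Dict) -> Dict:
    # Free text is unstructured data (slides 18 and 19): names inside it cannot
    # be found reliably, so the body is replaced rather than scrubbed.
    t = token("user", comment["author_email"])
    return {**comment,
            "author_email": f"user-{t}@staging.invalid",
            "body": "[comment text removed in staging copy]"}


def leaked_values(rows: List[Dict], original_values: List[str]) -> List[str]:
    """Every original personal value that still appears anywhere in the masked rows."""
    blob = repr(rows)
    return [v for v in original_values if v in blob]


def build_staging_copy(users: List[Dict], comments: List[Dict]) -> Tuple[List[Dict], List[Dict]]:
    """Masked copies of both tables; raises instead of returning a leaky copy."""
    masked_users = [mask_user(u) for u in users]
    masked_comments = [mask_comment(c) for c in comments]
    # Every comment must still resolve to a user after masking.
    emails = {u["email"] for u in masked_users}
    dangling = [c["id"] for c in masked_comments if c["author_email"] not in emails]
    if dangling:
        raise ValueError(f"comments without an author after masking: {dangling}")
    # Leak check run in production, before the copy is handed to developers.
    originals = [u[col] for u in users for col in PERSONAL_COLUMNS]
    leaks = leaked_values(masked_users + masked_comments, originals)
    if leaks:
        raise ValueError(f"personal data would leak into staging: {leaks}")
    return masked_users, masked_comments
```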
26. My Advice
● This is for real, so better be prepared
● If you have not yet started, the chances are that you are late
○ But it is still advisable to start now
● Everything that you do now should already be compliant with GDPR
○ Pay attention to your data architecture
○ Think of user rights and how they are implemented
● Train your people
● Get external help if you do not know how to proceed

27. You Need to Know Where You Stand
● You need to understand GDPR and its effects on your organisation
● You must understand how data flows in your systems
○ Where, what and why data is stored
○ Check whether data is flowing out of the EU or to another controller
● You must have defined and followed procedures for handling personal data
○ These are typically mostly non-existent in most companies
● You need to have written contracts with all your partners related to personal data
● You need to be moving now and be compliant by May 25th, 2018
○ There might be some leeway, but I would not count on it
● And if you do nothing, you are just asking for trouble

28. Two-Way Approach
● When we work with GDPR, we typically split the work into two parts:
○ Gap analysis – understanding the current position and the gap towards compliance by listing the systems, describing data flows between them, and defining the gathered, transferred, and stored personal data
○ Compliance program – a complete undertaking to ensure GDPR compliance, including changes to processes, systems, documentation, and user-facing policies

29. Gap Analysis
● Gap analysis exposes the most critical omissions and other issues with regards to GDPR quite quickly
○ It is mostly done as desktop research
○ We have found that the administrators of systems are a better source of information than the vendors of the same systems
● There are tools to support the work, but it can also be done using documents and spreadsheets
● Someone needs to own the project
● The management needs to show interest in the results

30. Compliance Program
● The compliance program is a long process of fixing everything to be compliant with GDPR
○ The task list must be prioritised, typically quite heavily
○ The key is to reduce the “problem surface” as quickly as possible
○ So focus on the main businesses, the most important systems, and the most crucial personal data first
● You need to make sure that your vendors are interested in helping you
○ It is a shared undertaking
○ Be fair while also being demanding
● It is crucial to get this off the ground before May 25th

31. Keeping Up with GDPR
● Gap analysis and compliance programs make you compliant with GDPR for the specific moment when the projects are over
● If you do not sustain the right use of personal data, you will go back to your old ways – which are most probably not compliant
● Everyone needs to change the way they think about personal data and privacy
○ Your staff, vendors, etc.
● The processes are only as good as the people implementing them
● So keep the focus on personal data after the big push until it becomes second nature

32. So What Now?
● This might sound like a very exhausting and even impossible task
● But there are no other decent choices than to comply
● So, it is crucial to take the first step and then continue walking
You will reach the destination sooner or later, as long as you keep moving.

35. Gap Analysis
Description
● Bird&Bird asks the juridical questions and Exove focuses on ICT. The questionnaires are typically sent to the people responsible for ICT, HR, legal and business
● Bird&Bird and Exove study the results and write an analysis of the situation
● Bird&Bird and Exove organise a three-hour workshop with the key people of the client
● OPTION: The report is gone through with the client and the situation is assessed to understand how the client will reach the legally and technically required compliant state
Results
● Report with a list of around ten points on the current situation and action points
● Offer for executing a GDPR compliance program
(Diagram on the slide: IT and juridical questionnaires, analysis, workshop, GDPR compliance program)

36. Compliance Program
● Bird & Bird and Exove plan and execute a complete compliance program
● Based on the gap analysis findings, the industry of the client, and the assessed risks
● Includes changes to processes, documentation, technology, UX, and contracts
● The depth of the work is agreed on a case by case basis